#!/bin/bash
# The following may be heavily borrowed from, if not 
# copied from, the NSA's December 20, 2007 "Guide to the 
# Secure Configuration of Red Hat Enterprise Linux 5, Revision 2"

# Title - Block Shell and Login Access for Non-Root System Accounts

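# Initialize the variables describing this hardening item. PRECHECK and
# SOLUTION hold shell command text; presumably the framework that sources this
# file evaluates them later (TODO confirm against the caller).

# PRECHECK lists /etc/passwd entries with UID below 500, other than root, whose
# shell is not /sbin/nologin. The trailing grep -v drops entries whose shell
# path ends in the account's own name (for example an account named "sync"
# with shell /bin/sync). Any output means the item still needs attention.
# NOTE(review): 500 is the RHEL 5 boundary for system accounts; later releases
# set UID_MIN to 1000 in /etc/login.defs, so adjust before reusing elsewhere.
export PRECHECK="awk -F: '{if(\$3<500 && \$1!=\"root\" && \$7!=\"/sbin/nologin\") print}' /etc/passwd | grep -P -v \"^(.+)\:.*/\1$\""
export QUESTION="Would you like to block shell and login access for non-root system accounts?"
export DESCRIPTION="These are the accounts which are not associated with a human user of the system, but which exist to perform some administrative function. Make it more difficult for an attacker to use these accounts by locking their passwords and by setting their shells to some non-valid shell."

# SOLUTION is stored as literal command text. The previous form used backticks
# and an unescaped $i inside double quotes, so awk ran while this file was being
# loaded and $i expanded to an empty string: the stored command called usermod
# with no account name. Escaping defers both until the command is evaluated.
# NOTE(review): unlike PRECHECK, this loop also changes accounts whose shell
# matches their own name; confirm that is intended.
# NOTE(review): usermod -L locks the password only. Non-password logins (for
# example SSH keys) rely on the nologin shell set here; expiring the account
# as well is the stricter option.
export SOLUTION="for i in \$(awk -F: '{if(\$3<500 && \$1!=\"root\") print \$1}' /etc/passwd); \
do usermod -L \"\$i\"; usermod -s /sbin/nologin \"\$i\"; \
done"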